Game Over: Hackers Embed Malware in Steam Game to Steal Gamers' Passwords!

Game Over: Hackers Embed Malware in Steam Game to Steal Gamers’ Passwords!

In a recent incident that highlights the growing concerns over online gaming security, Valve took swift action to remove a game from its popular platform, Steam, due to malware infiltration. The game, named PirateFI, was found to contain malicious software designed to steal sensitive user information.

The Discovery of Malware in PirateFI

Security researchers have conducted an in-depth analysis of the malware embedded in PirateFI. Marius Genheimer, a researcher at Falcon Team, provided insights to TechCrunch, stating that the malware was likely part of a broader strategy to distribute a harmful payload known as Vidar.

Understanding the Threat

Genheimer noted, “We suspect that PirateFI was just one of multiple tactics used to distribute Vidar payloads en masse.” He emphasized that the game was likely never legitimate and was specifically designed to spread malware.

How the Malware Operated

Research revealed that PirateFI was created by modifying a game template called Easy Survival RPG, a game development tool that costs between $399 and $1,099 to license. This method allowed hackers to deploy a functional game with minimal effort.

Capabilities of Vidar Infostealer

The Vidar malware is notorious for its ability to steal various types of data from infected computers, including:

  • Password information from web browsers
  • Session cookies for unauthorized access
  • Web browser history
  • Cryptocurrency wallet details
  • Screenshots and two-factor authentication codes
  • Other sensitive files

Since its discovery in 2018, Vidar has been implicated in multiple hacking campaigns, including efforts to steal credentials from Booking.com and deploying ransomware. According to the Health Sector Cybersecurity Coordination Center (HC3), Vidar has become one of the most successful infostealers in recent years.

READ ALSO  Urgent Alert: Broadcom Calls on VMware Users to Patch Critical Zero-Day Vulnerabilities Under Active Exploitation

Challenges in Identifying the Perpetrators

Infostealers like Vidar are often sold through a malware-as-a-service model, making it easier for even inexperienced hackers to utilize them. This widespread availability complicates efforts to trace the origins of malicious software like PirateFI.

Research Findings and Developer Anonymity

Genheimer and his team analyzed multiple samples of the malware, discovering similarities across various sources, including VirusTotal and SteamDB. Despite these findings, Valve has not commented on the matter.

The developers behind PirateFI, identified as Seaworth Interactive, lack an online presence, and their social media account was removed shortly after the incident. Attempts to reach out for comments went unanswered.

Stay Informed on Cybersecurity

For more updates on cybersecurity in gaming, consider following CNET’s gaming section and stay vigilant against potential threats.

If you have additional information regarding this malware or other gaming-related hacks, please reach out securely through TechCrunch.

Similar Posts

Estonia's Blackwall Secures €45 Million in Series B Funding to Safeguard SMBs Against Malicious Online Threats

Estonia’s Blackwall Secures €45 Million in Series B Funding to Safeguard SMBs Against Malicious Online Threats

Bysupport

In the digital age, bots significantly impact online traffic, with malicious bots posing heightened cybersecurity threats, especially to small and medium-sized enterprises (SMBs). Cybersecurity expert Nikita Rozenberg highlights that these threats can be catastrophic for SMBs. To address this, Rozenberg founded Blackwall, an Estonia-based startup focused on SMB needs, offering solutions like the GateKeeper, which filters out harmful bot traffic. Recently, Blackwall raised €45 million in Series B funding to enhance its offerings and expand into U.S. and APAC markets. With over 2.3 million websites using its services, Blackwall aims to combat evolving online threats effectively.

DOJ Confirms FBI's Major Operation to Eradicate Chinese Malware from Thousands of US Computers

DOJ Confirms FBI’s Major Operation to Eradicate Chinese Malware from Thousands of US Computers

Bysupport

U.S. authorities have disrupted the operations of the state-sponsored Chinese hacking group “Twill Typhoon,” linked to a global espionage campaign affecting millions of computers. On August 2024, the Department of Justice and FBI, in collaboration with French authorities and the cybersecurity firm Sekoai, executed a court-authorized operation to eliminate the “PlugX” malware from over 4,200 infected U.S. computers. The malware, utilized since 2014 for espionage, collects victim files for exfiltration. The U.S. has accused the Chinese government of funding Twill Typhoon, amid ongoing concerns about Chinese cyber threats targeting global organizations and government systems.

Massive Crypto Heist: Hackers Successfully Launder $1.4 Billion in Stolen Bybit Funds

Massive Crypto Heist: Hackers Successfully Launder $1.4 Billion in Stolen Bybit Funds

Bysupport

The recent hack of cryptocurrency exchange Bybit has alarmed the digital finance community, with approximately $1.4 billion in Ethereum stolen, marking one of the largest crypto thefts in history. On February 21, Bybit reported a sophisticated attack that led to the loss of 401,346 Ethereum, potentially linked to North Korean hackers. Investigations indicate that 90% of the stolen funds are being tracked, with most converted to Bitcoin and distributed across 4,400 addresses. Bybit has launched a bounty program offering up to $140 million for information on the stolen assets, successfully awarding $4.3 million to bounty hunters so far.

Urgent Security Alert: Hackers Target New Ivanti VPN Vulnerability to Breach Company Networks

Urgent Security Alert: Hackers Target New Ivanti VPN Vulnerability to Breach Company Networks

Bysupport

U.S. software giant Ivanti has raised alarms regarding a newly discovered zero-day vulnerability in its popular enterprise VPN appliance. This critical security flaw poses a serious risk to the networks of its corporate customers, highlighting the urgent need for organizations to take proactive measures to secure their systems. Details of the Ivanti VPN Vulnerability On…

CyberArk Acquires Zilla Security for Up to $175 Million: A Major Move in Cybersecurity

CyberArk Acquires Zilla Security for Up to $175 Million: A Major Move in Cybersecurity

Bysupport

CyberArk has acquired Zilla Security, an identity governance and administration platform, for up to $175 million, including $165 million in cash and a $10 million performance-based earn-out. This acquisition aims to bolster CyberArk’s identity security offerings and modernize solutions for enterprises. Founded in 1999, CyberArk focuses on privileged access security and has a history of strategic acquisitions, including Venafi for $1.54 billion. Zilla, established in 2019, emphasizes automation and AI in identity and access management. CyberArk plans to integrate Zilla’s services into its platform, enhancing its capabilities and driving growth, as evidenced by a 41% increase in valuation over the past year.

Global Crackdown: Four Suspected 8base Ransomware Operators Arrested by Authorities

Global Crackdown: Four Suspected 8base Ransomware Operators Arrested by Authorities

Bysupport

A global law enforcement initiative, Operation Phobos Aetor, led to the arrest of four Russian nationals linked to over 1,000 ransomware attacks, particularly through the 8base group, a major affiliate of the Phobos ransomware-as-a-service operation. Conducted in Phuket, Thailand, the operation seized the group’s dark web leak site and over 40 pieces of evidence, including digital devices. Charges were unsealed against two suspects, Roman Berezhnoy and Egor Glebov, who allegedly generated $16 million from ransomware schemes targeting organizations, including critical infrastructure in the U.S. Ongoing investigations continue to warn over 400 companies about imminent threats.